binder: 20462:20470 transaction failed 29189/-3, size 72-24 line 3136
binder: undelivered TRANSACTION_ERROR: 29189
binder: 20462:20470 got transaction to invalid handle
binder: 20462:20470 transaction failed 29201/-22, size 0-0 line 3013
binder: 20462:20470 ioctl c0306201 20000080 returned -14
INFO: task kworker/u4:5:2128 blocked for more than 140 seconds.
 Not tainted 4.9.141+ #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:5 D26104 2128 2 0x80000000
Workqueue: events_unbound fsnotify_mark_destroy_workfn
 ffff8801d2c82f80 0000000000000000 ffff8801d139ee00 ffff8801da6f2f80
 ffff8801db721018 ffff8801cc1977c0 ffffffff828075c2 ffffffff83cd8580
 ffffffff00000000 fffffbfff08489a8 006f24ce00000001 ffff8801db7218f0
Call Trace:
 [] schedule+0x7f/0x1b0 kernel/sched/core.c:3553
 [] schedule_timeout+0x735/0xe20 kernel/time/timer.c:1771
 [] do_wait_for_common kernel/sched/completion.c:75 [inline]
 [] __wait_for_common kernel/sched/completion.c:93 [inline]
 [] wait_for_common+0x3ef/0x5d0 kernel/sched/completion.c:101
 [] wait_for_completion+0x18/0x20 kernel/sched/completion.c:122
 [] __synchronize_srcu+0x254/0x3b0 kernel/rcu/srcu.c:448
 [] synchronize_srcu+0x1e/0x40 kernel/rcu/srcu.c:492
 [] fsnotify_mark_destroy_list+0x10f/0x390 fs/notify/mark.c:551
 [] fsnotify_mark_destroy_workfn+0xe/0x10 fs/notify/mark.c:561
 [] process_one_work+0x831/0x15f0 kernel/workqueue.c:2092
 [] worker_thread+0xd6/0x1140 kernel/workqueue.c:2226
 [] kthread+0x26d/0x300 kernel/kthread.c:211
 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Showing all locks held in the system:
2 locks held by khungtaskd/24:
 #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
 #0: (rcu_read_lock){......}, at: [] watchdog+0x11c/0xa20 kernel/hung_task.c:239
 #1: (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
1 lock held by rsyslogd/1896:
 #0: (&f->f_pos_lock){+.+.+.}, at: [] __fdget_pos+0xac/0xd0 fs/file.c:781
2 locks held by getty/2023:
 #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142
2 locks held by kworker/u4:5/2128:
 #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
 #1: ((reaper_work).work){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
=============================================
NMI backtrace for cpu 1
CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.141+ #1
 ffff8801d9907d08 ffffffff81b42e79 0000000000000000 0000000000000001
 0000000000000001 0000000000000001 ffffffff810983b0 ffff8801d9907d40
 ffffffff81b4df89 0000000000000001 0000000000000000 0000000000000002
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99
 [] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60
 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [] check_hung_task kernel/hung_task.c:125 [inline]
 [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [] watchdog+0x6ad/0xa20 kernel/hung_task.c:239
 [] kthread+0x26d/0x300 kernel/kthread.c:211
 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 20474 Comm: syz-executor.4 Not tainted 4.9.141+ #1
task: ffff8801a0f44740 task.stack: ffff8801cd208000
RIP: 0010:[] c [] __read_once_size include/linux/compiler.h:243 [inline]
RIP: 0010:[] c [] check_kcov_mode kernel/kcov.c:68 [inline]
RIP: 0010:[] c [] __sanitizer_cov_trace_pc+0x20/0x50 kernel/kcov.c:100
RSP: 0018:ffff8801cd20f6c8 EFLAGS: 00000246
RAX: ffff8801a0f44740 RBX: ffff8801cd20f920 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: ffffffff814957f3 RDI: ffff8801cd20f9a8
RBP: ffff8801cd20f6c8 R08: ffff8801a0f45010 R09: eb2e09fdc571bf56
R10: ffff8801a0f44740 R11: 0000000000000001 R12: 0000000000001000
R13: 0000000000001000 R14: ffffea0006b037c0 R15: ffff8801d1c4b9a8
FS: 00007f2d40da3700(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000738000 CR3: 00000001caa95000 CR4: 00000000001606b0
Stack:
 ffff8801cd20f708c ffffffff814957f3c ffffffff814be468c 00007f2d41535000c
 00007f2d41536000c 0000000000000005c ffffea0006b037c0c ffff8801d1c4b9a8c
 ffff8801cd20f868c ffffffff81499b10c 1ffff10039a41efcc dffffc0000000003c
Call Trace:
 [] __tlb_remove_page_size+0x193/0x500 mm/memory.c:307
 [] __tlb_remove_page include/asm-generic/tlb.h:163 [inline]
 [] zap_pte_range mm/memory.c:1165 [inline]
 [] zap_pmd_range mm/memory.c:1249 [inline]
 [] zap_pud_range mm/memory.c:1270 [inline]
 [] unmap_page_range+0xe60/0x1680 mm/memory.c:1291
 [] unmap_single_vma+0x11c/0x170 mm/memory.c:1336
 [] unmap_vmas+0x81/0xd0 mm/memory.c:1366
 [] exit_mmap+0x1cc/0x3a0 mm/mmap.c:3021
 [] __mmput kernel/fork.c:884 [inline]
 [] mmput+0xcd/0x360 kernel/fork.c:906
 [] exit_mm kernel/exit.c:514 [inline]
 [] do_exit+0x6c9/0x2a50 kernel/exit.c:820
 [] do_group_exit+0x111/0x300 kernel/exit.c:937
 [] get_signal+0x4e1/0x1460 kernel/signal.c:2321
 [] do_signal+0x95/0x1b00 arch/x86/kernel/signal.c:807
 [] exit_to_usermode_loop+0x10e/0x150 arch/x86/entry/common.c:158
 [] prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
 [] syscall_return_slowpath arch/x86/entry/common.c:263 [inline]
 [] do_syscall_64+0x3e2/0x550 arch/x86/entry/common.c:290
 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: c76 c1d c00 ce9 c23 cfe cff cff c0f c1f c00 c55 c48 c89 ce5 c48 c8b c75 c08 c65 c48 c8b c04 c25 c00 c7e c01 c00 c65 c8b c15 c18 cc3 ccf c7e c81 ce2 c00 c01 c1f c00 c75 c2b c<8b> c90 c38 c12 c00 c00 c83 cfa c02 c75 c20 c48 c8b c88 c40 c12 c00 c00 c8b c80 c3c c